Making Carriers Shoulder Smartphone Security
alphadogg writes "Georgia Tech researchers have received a $450,000 NSF grant to boost security of iPhones, BlackBerries and other smartphones and the wireless networks on which they run. And it's those networks where the researchers are really zeroing in. The researchers are looking into ways wireless carriers such as AT&T and Verizon can detect malware on devices and clean up the devices before they do further damage. 'While a single user might realize that a phone is behaving differently, that person probably won't know why,' says Patrick Traynor, assistant professor at Georgia Tech’s School of Computer Science. 'But a cell phone provider may see a thousand devices behaving in the same way and have the ability to do something about it.' Georgia Tech is going to build out a cellular network test bed to try out its remote repair techniques."
Last time a company had access to the contents of a device (Amazon -> Kindle), they caused a really big uproar.
Next, they'll add into their contracts: 'Customer does not own their phone. We reserve the right to make whatever changes to the device we deem acceptable. Any and all changes made that cause injury or loss of use of the device are not cause for release from this contract.'
Upon turning on your phone, it demands a cookie.
Your phone tells you it needs antivirus installed.
Hold music is replaced by a twisted AI that sings about cake and says it's okay if you want to leave (a message). ...
#fuckbeta #iamslashdot #dicemustdie
So they are going to deploy the ability to remotely update the user's device. Because the bad guys will never figure out how the company does it. I can see it now. An entire carrier's smart cell line bricked by a remote exploit that updates phones.
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
I'd really rather not allow a company access to "clean up" my devices. While this might be good in certain corporate or university based environments where all the equipment is owned by a central group, it isn't a good idea for public cellular networks where individuals own the phones. That is, unless we go to a phone lease system instead of purchase. I should really shut up before I give the networks more ideas on how to screw us over...
In the corporate space however there are device management solutions available for Windows Mobile, Blackberry and Symbian that have seldom been rolled out at carrier level. These can lock down devices so that malware cannot be installed, and unauthorized applications removed. I cannot see that working as a consumer proposition; it really doesn't work well at the corporate level either. Importantly, these solutions are all at the IP layer (dumb bitpipe) and don't care how the device connects to the management server. ActiveSync, WiFi, cellular connection (and yes, via SMS too) will all trigger a wiped device or an app uninstall.
Nothing to do with telcos. Move along.
Spending money to facilitate better service for these private businesses who have not only made billions from customers, but took billions of tax dollars and screwed us as citizens.
NSF should not be paying a cent for this. The issues need to become prominent enough for the customers to demand better products from the oligopoly of telcos.
And to think that each time I get an NSF check, *I* have to pay.
"Careful! We don't want to learn from this!" -Calvin & Hobbes
There is hardly any malware for mobile platforms out in the wild. I don't see how security is a huge issue. Sure, some may point to the jailbroken iPhone worms but that is because they were running SSH with a default password! I'm surprised it took this long. What's next, having the government sniff our Facebooks in the name of "security" because a few people with the password of "password" were hacked? This is opening a can of worms we should leave unopened.
Taxation is legalized theft, no more, no less.
'nuff said.
Is netphone-neutrality politically different than net-neutrality?
How about stop using network locks & custom software? This is more like the same carp that you get on new PCs.
I hate to be an obnoxious twit, but I REALLY don't like the idea of a carrier messing with my phone, even for the sake of carrier network stability. I would rather have the phone's carrier network access locked down so all IP traffic is stopped and all non-emergency voice calls get redirected to a call center who can inform me that my phone behaves like a virus laden whore. When and if I want to modify my phone OS and applications is my call. At least for GSM, the SIM card is by design an easily transferable token conferring network access and an authentication token. Whoever holds this token is authorized as far as the system is concerned.
While putting a stop to virus outbreaks may be altruistic, fundamentally allowing such functionality is dangerous. That recent incident of carrier spyware being slipped into a fake blackberry update (in Dubai?) illustrates this, and that's probably only the tip of the iceberg. Only until very recently, consumers have put up with carriers getting root access to their phones.
Fuck that noise.
If I need an OS update, I get it from the phone manufacturer. If I need mobile antivirus, I get that from a vendor. The carriers are still living in the fantasyland that they are not a provider of dumb bandwidth pipes and can bleed their customers dry for things from bluetooth activation to single character charges in SMS.
If anything, this is the reason why a real opensource phone like OpenMoko was necessary.
The concept of traffic analysis to identify malware seems credible at first glance from a technical perspective. But the last thing we need is another justification the mobile operators can use to assert admin control over our devices.
Are we cattle or what?
"Ohh, I don't know what's... happening to me."
"Ohh, it all happens... automatically."
"Ohh, you keep me well and safe."
"Ohh, you rule all of my life."
"You are just... too kind my masters."
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Seriously, how many people think it's a good idea to let your ISP into your computer? Controlling it, installing/removing software, etc. Nobody would stand for that.
Mobile devices are not that different. They are still your personal computer and nobody should be screwing with it unless you explicitly allow it.
Now the phone company is certainly within their rights to degrade or isolate malfunctioning devices on their network but they better be doing that at the network level and not actually touch your device. They also better not completely disconnect a device just because it's malfunctioning. People's lives can depend on a phone working. In the case of a virus infected or otherwise malfunctioning device they could isolate its functionality on the network so that it can only be used with certain critical functions.
What would the NSAs, CIAs, DIAs, GCHQs, etc. do if the public started running heavy encryption in their pockets? :)
Part of the charm is tracking, easy to tap, seeing who you phone and getting a voice print.
Some computer company could upset this balance of total information awareness that is the phone.
Costas Tsalikidis, the Greek telco whistleblower who was found hanged.
Adamo Bove head of security at Telecom Italia who exposed the CIA renditions via cell phones ‘fell’ to his death.
Or http://www.wired.com/threatlevel/2009/07/blackberry-spies/
So on average this is all just warmed over epic Magic Lantern for your pocket.
http://en.wikipedia.org/wiki/Magic_Lantern_(software)
An always on zfoneproject.com like layer would be great
Domestic spying is now "Benign Information Gathering"
NSF should not be paying a cent for this.
That is absolutely correct. Why should public money go to yet another private company?
Where did you read that the NSF was giving money to a private company? This is a research grant that is being paid to faculty at a university to fund research on how to make smartphones more secure. This is spelled out in the first sentence of the summary.
Seriously, sometimes the game of rabid-emotional-frenzy telephone that goes on here is a little much.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.